Web::Passwd versions through 0.03 for Perl is vulnerable to RCE

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Web::Passwd versions through 0.03 for Perl is vulnerable to RCE.

Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command.

The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection.

AI Analysis

Command injection vulnerability in Web::Passwd through version 0.03 for Perl, allowing remote code execution

Basic Information

ID CVE-2026-8500

Source CPANSec

Published May 13, 2026 at 22:24

Modified May 14, 2026 at 17:41

Affected Product

Vendor EVANK

Product Web::Passwd

Affected Versions EVANK Web::Passwd 0

CWE Classification

CWE-78

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor EVANK

Product Web::Passwd

Version 0.03

References

{
    "lastseen": "",
    "description": "Web::Passwd versions through 0.03 for Perl is vulnerable to RCE.\n\nWeb::Passwd is a small CGI application for managing htpasswd files using the htpasswd command.\n\nThe user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection.",
    "published": "2026-05-13T22:24:42.216Z",
    "modified": "2026-05-14T17:41:51.045Z",
    "type": "cve",
    "title": "Web::Passwd versions through 0.03 for Perl is vulnerable to RCE",
    "source": "CPANSec",
    "references": "https://metacpan.org/release/EVANK/Web-Passwd-0.03\nhttps://httpd.apache.org/docs/current/programs/htpasswd.html",
    "id": "CVE-2026-8500",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "EVANK Web::Passwd 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Web::Passwd",
    "version": "0",
    "vendor": "EVANK",
    "ai_description": "Command injection vulnerability in Web::Passwd through version 0.03 for Perl, allowing remote code execution",
    "ai_severity": "Critical",
    "ai_vendor": "EVANK",
    "ai_product": "Web::Passwd",
    "ai_version": "0.03",
    "ai_score": 9.8
}

Web::Passwd versions through 0.03 for Perl is vulnerable to RCE_CVE-2026-8500